NSO Group, a spyware maker, has been ordered to pay over $167 million in damages to WhatsApp for a hacking campaign in 2019 that targeted more than 1,400 users.
Following a five-year legal battle, a jury awarded WhatsApp $167,254,000 in punitive damages and approximately $444,719 in compensatory damages.
This represents a significant legal victory for WhatsApp, which had initially sought over $400,000 in compensatory damages to cover employee efforts in remediating the attacks, investigating them, and patching the exploited vulnerability, as well as unspecified punitive damages.
WhatsApp spokesperson Zade Alsawah stated that the court case is historic, marking the first victory against illegal spyware that endangers privacy and safety. Alsawah emphasized that the ruling serves as a crucial deterrent against this malicious industry targeting American companies and compromising privacy and security.
NSO Group’s spokesperson, Gil Lainer, indicated the possibility of an appeal, stating that they will examine the verdict’s details and consider further legal remedies.
The trial and lawsuit revealed significant information, including the locations of the 2019 spyware campaign victims and the identities of some NSO Group customers.
The ruling concludes a legal battle initiated by WhatsApp over five years ago, where the company accused NSO Group of accessing WhatsApp servers and exploiting an audio-calling vulnerability to target individuals such as dissidents, activists, and journalists.
Will Cathcart, WhatsApp’s head, explained in a Washington Post op-ed that the lawsuit serves as a warning about the misuse of surveillance technology by irresponsible entities, posing risks to all.
In December, Judge Phyllis Hamilton ruled that NSO Group violated federal and California hacking laws and breached WhatsApp’s terms of service during the 2019 campaign.
Cathcart celebrated the ruling as a significant win for privacy, emphasizing that illegal spying will not be tolerated.
The case proceeded to a jury trial to determine damages owed to WhatsApp, which has now been resolved.
John Scott-Railton, a senior researcher at Citizen Lab, celebrated the verdict, noting that the ruling damages NSO’s operations and efforts to conceal its business activities. He highlighted that NSO’s business model involves facilitating dictators in hacking dissidents.
This story includes updated comments from WhatsApp and John Scott-Railton.